June 21, 2019 11:30
Photo : Jean-Philippe Bourgoin
The data of 2.9 million customers of the Desjardins group have been compromised when a former employee has stolen, has revealed the co-op yesterday.
Personal information, such as name, date of birth, address, telephone number, email address, social insurance number and some data on the habits and transactional products held at Desjardins, 2.7 million individuals and 173 000 companies have been disclosed to persons outside of the organization.
Desjardins ensures that the PIN, answers to security questions and passwords, however, have not been compromised.
A spokesman for Desjardins confirmed in the Journal of insurance that the customers of the subsidiaries of the co-operative movement, as Desjardins Insurance, are only affected if they are also members of Desjardins caisses. “If they are not members of a caisse, they are not affected by the situation. “
Desjardins also indicated that the customers concerned will be able to enjoy a free monitoring of their credit report, and insurance in case of identity theft by Equifax for a period of five years.
The Authority monitors the situation
In a press release sent yesterday a few minutes after the fraud was revealed, thefinancial markets Authority has said, “follow closely” the situation ” extremely serious “.
“After having been informed, the Authority was quickly asked about the potential impacts of the situation and the measures taken by Desjardins group in order to respond effectively,” says the regulator.
The Authority says it is satisfied with the actions taken by Desjardins group to protect the interest of its members and their assets. “[The Authority] remains confident that the leaders of the institution have taken charge of the situation with the rigor, transparency, and the speed command of the situation, and that the cooperation given to the police authorities, is full and complete. “
The regulator reminds that the risks associated with information security are now ” ubiquitous “. The Authority reminds financial institutions that they must properly assess the risks they are exposed to and strengthen the protection of personal information and cyber security.